Title

External Signature Services Menu for Office must be suppressed. (Cat II impact)

Discussion

Users can select Add Signature Services (from the Signature Line drop-down menu on the Insert tab of the Ribbon in Excel 2010, PowerPoint 2010, and Word 2010) to see a list of signature service providers on the Microsoft Office Web site. If your organization has policies that govern the use of external resources such as signature providers or Office Marketplace, allowing users to access the Add Signature Services menu item might enable them to violate those policies.

Check Content

The policy value for User Configuration -> Administrative Templates -> Microsoft Office 2010 -> Signing “Suppress external signature services menu item” must be set to “Enabled”. Procedure: Use the Windows Registry Editor to navigate to the following key: HKCU\Software\Policies\Microsoft\Office\14.0\common\signatures Criteria: If the value SuppressExtSigningSvcs is REG_DWORD = 1, this is not a finding.

Fix Text

Set the policy value for User Configuration -> Administrative Templates -> Microsoft Office 2010 -> Signing “Suppress external signature services menu item” to “Enabled”.

Additional Identifiers

Rule ID: SV-33474r1_rule

Vulnerability ID: V-17805

Group Title: DTOO204 - External Signature Services menu

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.